Employers Should Avoid Requesting Facebook Passwords

In the information age, it may be tempting for employers to seek out personal information about prospective employees before making a hiring decision and, given the number of social media outlets, including Facebook, it is certainly easy for employers to do so. Indeed, Facebook is a potential wealth of information that otherwise might not be available to an employer through the traditional hiring process.

Because of the recent uproar by legislators around the country, employers who request Facebook and other social media passwords from prospective employees may want to rethink this practice. State legislatures are moving to ban the practice, and some states have already succeeded in passing bills prohibiting such requests, including Maryland and Illinois. Similar proposals have been introduced in New York, California, Washington, and Ohio. Further, federal legislators introduced a similar bill in the U.S. House of Representatives in late April and companion proposals in the both the House and U.S. Senate in early May. Facebook itself prohibits users from sharing passwords, and Facebook’s chief privacy officer has publicly warned employers that Facebook may take action against employers who request passwords, stating that Facebook will “take action to protect the privacy and security of our users, whether by engaging policymakers or, where appropriate, by initiating legal action, including by shutting down applications that abuse their privileges.”

Even without this momentum, employers expose themselves to unnecessary legal problems when requesting passwords from prospective employees. Facebook pages typically include a person’s age, race, religion, marital status, and other identifying information, putting employers at risk for claims of illegal discrimination. For example, a prospective employee could sue a company, alleging that the company’s decision not to hire the individual was based on the company’s knowledge of the person’s religious identity, information that could have been gleaned only through the company’s access to the individual’s Facebook page.

In short, employers would be wise to instruct their human resources departments to put a stop to password requests.